Lack of validation: parameter exposed to external callers (Python)

I ran CodeGuru CodeReview on my project and got the following recommendation.

For this line: return locale_alias[language][message]

Problem: This line of code lacks validation when processing input data through the following parameter: 'message' (index: 1 | type: Unknown). The parameter is exposed to external callers, because its enclosing class and method are publicly accessible. This means that upstream validation, if it exists, can be bypassed. Other validated parameters: 'language'. Malicious, malformed, or unbounded inputs can cause unexpected runtime behavior or crashes, and can slow performance.

Public method parameters should be validated for nullness, unexpected values, and malicious values. Invalid or malicious input can compromise the system's safety.

Here is the code structure of my project.

strings.py

TESTING_ME = "Testing language"

strings_fr.py

TESTING_ME = "French Testing language French"

strings_en.py

TESTING_ME = "English Testing language English"

string_class.py

import strings_handler

# class to handle strings_handler based on message and language select from endpoint
class Locale:
    def __init__(self, language, message):
        self.string = strings_handler.select_locale(language, message)

strings_handler.py

import strings as key


def select_locale(language, message):
    # pick the translation module for the requested language
    if language == "fr":
        import strings_fr as strings
    else:
        import strings_en as strings
    # map canonical key -> translated text for the selected language
    locale_alias = {language: {key.TESTING_ME: strings.TESTING_ME}}
    return locale_alias[language][message]

In the API call:

from typing import Optional

from fastapi import APIRouter
from fastapi.responses import JSONResponse

import strings
from string_class import Locale

router = APIRouter()
header_status = 200  # HTTP status to return; not defined in the original snippet, assumed here


@router.post("/test")
async def test_program(language: Optional[str] = "en"):
    return JSONResponse(
        status_code=header_status,
        content={
            "message": Locale(language, strings.TESTING_ME).string
        },
    )

How do I ensure the validity of the parameter's value (message)?
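The recommendation is about the `return locale_alias[language][message]` line doing a dictionary lookup on two caller-controlled values with no checks at all: an unknown language or message key raises a bare KeyError (a 500 from the endpoint), and a non-string value of an unexpected type reaches the lookup untouched. The usual fix is to treat both parameters as untrusted at the boundary of the public function: normalise `language` against a closed allow-list of supported codes, and accept `message` only if it is a bounded string that names a key in the canonical strings table (the table defines the legal keys; the caller never does). The following is an added example, not the poster's code; it stands in for `strings.py`, `strings_fr.py` and `strings_en.py` with constructed inline tables, and the names `LocaleError`, `normalize_language`, `validate_message_key`, `SUPPORTED_LANGUAGES` and `MAX_KEY_LENGTH` are all assumptions introduced here.

```python
"""Hardened replacement for select_locale(): validates both parameters
before any dictionary lookup, so a malformed or unknown 'message' can
never raise a bare KeyError or reach a lookup with an unexpected type.

Added example, not the poster's project code. The per-language string
tables below are constructed inline to stand in for the strings.py /
strings_fr.py / strings_en.py modules from the question."""

from typing import Dict, Mapping

# Constructed stand-ins for the poster's string modules:
# strings.py holds the canonical keys, strings_<lang>.py the translations.
KEYS = {"TESTING_ME": "Testing language"}
CATALOGS: Dict[str, Mapping[str, str]] = {
    "en": {"Testing language": "English Testing language English"},
    "fr": {"Testing language": "French Testing language French"},
}

SUPPORTED_LANGUAGES = frozenset(CATALOGS)   # closed allow-list of codes
DEFAULT_LANGUAGE = "en"
MAX_KEY_LENGTH = 128                        # bound on caller-supplied key size


class LocaleError(ValueError):
    """Raised for any input the locale layer refuses; message is safe to echo."""


def normalize_language(language: object) -> str:
    """Map a caller-supplied language to one of the supported codes.

    None falls back to the default; anything else must be a str that,
    after trimming and lower-casing, is exactly one of the allowed codes.
    """
    if language is None:
        return DEFAULT_LANGUAGE
    if not isinstance(language, str):
        raise LocaleError("language must be a string")
    code = language.strip().lower()
    if code not in SUPPORTED_LANGUAGES:
        raise LocaleError(f"unsupported language {code!r}")
    return code


def validate_message_key(message: object) -> str:
    """Accept 'message' only if it is a bounded str naming a known key."""
    if not isinstance(message, str):
        raise LocaleError("message must be a string")
    if len(message) > MAX_KEY_LENGTH:
        raise LocaleError("message key too long")
    # The set of legal keys comes from the canonical table, never from input.
    if message not in KEYS.values():
        raise LocaleError("unknown message key")
    return message


def select_locale(language: object, message: object) -> str:
    """Validated equivalent of the question's select_locale()."""
    code = normalize_language(language)
    key = validate_message_key(message)
    catalog = CATALOGS[code]
    # A key present in the canonical table but missing from one translation
    # is a deployment bug, not a caller error: fall back to the default text.
    return catalog.get(key, CATALOGS[DEFAULT_LANGUAGE][key])


if __name__ == "__main__":
    print(select_locale("fr", KEYS["TESTING_ME"]))
    for bad in [("de", KEYS["TESTING_ME"]), ("en", "__class__"), ("en", None)]:
        try:
            select_locale(*bad)
        except LocaleError as exc:
            print(f"rejected {bad!r}: {exc}")
```

In the FastAPI layer, catch `LocaleError` around the `Locale(...)` call and convert it to a client error (for example `raise HTTPException(status_code=400, detail=str(exc))`) rather than letting a KeyError surface as a 500; the allow-list check also means the `Optional[str]` default of `"en"` is no longer the only thing standing between the request and the lookup. Because the validation lives inside `select_locale` itself, it cannot be bypassed by another caller that skips the endpoint, which is exactly the concern the CodeGuru finding raises.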



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow